The blockchain is the core component of Bitcoin that keeps a decentralized record of every transaction ever made. When a new transaction is successfully verified, it will be uploaded to the blockchain and becomes visible to every client for reference against.
The issue here is that the blockchain will accept any kind of upload regardless of whether the content is actually a Bitcoin transaction log or not. All kinds of files could be uploaded, including malicious malware.
Because of the function of the blockchain, it is always automatically downloaded onto every single computer and server running the Bitcoin software and is always kept in sync. Therefore, if a malicious file were to compromise the blockchain then every computer mining for bitcoin would automatically download it.
Vast numbers of systems could be infected in one go. The situation is worsened by the difficulty of removing the malware. It is practically impossible to remove data from the Bitcoin blockchain so once the malware is uploaded it is in theory there forever.
The research was unveiled in an INTERPOL statement made with researchers from cyber security research firm Kaspersky Labs. A proof-of-concept malware was also revealed to prove that the attack is functional. It ran on the Bitcoin network and communicated with a hacker-controlled Bitcoin address to extract information on transactions from the blockchain.
The issue has presented some very serious questions about the security of blockchain technology. The idea has previously been billed as an innovative new way of decentralising several kinds of services including internet of things devices.
IBM is considering using the blockchain to power a network of such products but with the threat of malware so pronounced they may be forced to rethink the project if a solution cannot be found. With the blockchain looking so vulnerable, it is only a matter of time before a real attack comes around and with so many computers so easily affected the incentive could be high for the hackers.